CVE-2004-1050

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1050
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
avaya / ip600_media_servers	r8	r8.x
avaya / definity_one_media_server	r12	r12.x
avaya / definity_one_media_server	r9	r9.x
avaya / definity_one_media_server	r7	r7.x
avaya / ip600_media_servers	r9	r9.x
avaya / definity_one_media_server	r8	r8.x
avaya / s8100	r9	r9.x
avaya / definity_one_media_server	-	-
microsoft / ie	6.0-sp1	6.0-sp1.x
avaya / s8100	r11	r11.x
avaya / s8100	-	-
avaya / ip600_media_servers	r6	r6.x
avaya / s8100	r7	r7.x
avaya / ip600_media_servers	r10	r10.x
avaya / ip600_media_servers	-	-
avaya / ip600_media_servers	r12	r12.x
avaya / s8100	r6	r6.x
avaya / s8100	r10	r10.x
avaya / ip600_media_servers	r7	r7.x
avaya / ip600_media_servers	r11	r11.x
avaya / definity_one_media_server	r6	r6.x
avaya / s8100	r8	r8.x
avaya / s8100	r12	r12.x
avaya / s3400	-	-
avaya / definity_one_media_server	r10	r10.x
avaya / definity_one_media_server	r11	r11.x
microsoft / internet_explorer	6.0	6.0.x
avaya / modular_messaging_message_storage_server	s3400	s3400.x

Vulnerability Database

289,599

CVE-2004-1050